Job Description:
Job Title: IT/Cybersecurity Specialist
Location: Exton, PA 19341
Duration: 9 months (Contract + Potential Extension)
Pay Rate: $40 - $50 per hour on W2
Location: Exton Onsite
Shift: 1st 8 am - 4:30 pm
Education: AA/AS Degree in Cybersecurity, Systems Engineering, Controls Engineering, or Computer Science; Preferred minimum of 5 years of experience in related field
Top 3 Skills:
Understanding of industry accepted software life cycle programs and relevant IT/OT and cybersecurity controls
Very good knowledge of IT/OT systems, preferably in a Medical Manufacturing, Pharmaceutical, or Engineering Environment
Demonstrated ability to evaluate, develop and implement procedures following Change Control practices
General Job information
Job title: Cybersecurity Specialist
Purpose of the job
The role will be part Biomedical s Digital Department, supporting the organization by identifying and delivering operational improvements using (new) technology and data. This in the context of our niche and highly regulated quality and operational environment.
In the role, you are a subject matter expert for GXP guidelines and corporate cybersecurity requirements for operations technologies (CSOT) and R&D technologies (CSRD). You will partner with the functional stakeholders to ensure understanding and ownership of their roles to uphold cybersecurity standards and mitigate risk.
Your role will support the digital journey of Biomedical in creating:
Verify, record, and correct account access on digital assets
Update digital asset management inventories based on investigation results
Engage with the business to define digital asset requirements
Facilitate or participate in impact assessments for OT, IT, and R&D digital assets and solutions
Develop plans and execute on the following:
Assessing site(s) antivirus installation for digital assets or recording justifications after collaborating with area/system owners
Install antivirus, pending Window patches, or OS security updates as needed; develop process for routine management
Implement secure network practices by replacing insecure protocols, disabling or securing vulnerable services (Telnet, VNC), and managing Wi-Fi security in compliance with change management processes
Establish and maintain OT cybersecurity governance by developing a RASCI matrix, assigning event notification responsibilities, and ensuring VLAN cleanup
Manage and reconcile IT/OT asset inventories and CSOT network diagrams, ensuring accuracy, completeness, and timely updates for system changes or decommissioning
Implement formal processes for asset lifecycle communication and conduct periodic reviews to maintain integrity of all Systems Under Consideration (SUC)
4. Job Context
Biomedical is a market leader in regenerative medicine and in the supply of biomaterials to the medical industry. We have established a team of exceptionally talented and experienced individuals who are committed to innovation, collaboration and improving the medical professional and patient experiences.
As part of our company strategy, we have identified digital as a key business driver for growth.
The digital strategy has identified three focus areas:
Digital driven growth & Innovation
Enhance the usage of market and customer data that enables our marketing & sales force in nurturing their relationships with key accounts. Identify new business opportunities for sales and product Innovation, enabled by digital.
Operational visibility & Efficiency
Drive harmonization and automation in our core business processes and drive proactive data orchestration to enable growth, continuous improvement, and operational visibility. This will support both internal and external data collaborations.
Digital Workforce Enablement
Provide access to digital technologies and data enabling the workforce to become more efficient and effective. We invest in new methods for training and capability building for the workforce of the future.
5. Job Content:
Key Areas of Accountability / Responsibility
You are responsible for maintaining and contributing to the cybersecurity program ensuring that it aligns with corporate and regulatory requirements, defining procedures for cybersecurity, and driving decisions around the direction of the company on the subject matter.
Assist QA management in response to Customer or Regulated Body Audits in all findings related to software security.
Contributes to the assessment of requirements and documentation of software solutions
Act as an individual contributor and trusted advisor to functional stakeholders in matters related to cybersecurity
Advise in application development and acquisitions to assess security requirements and controls; ensures security controls are implemented and periodically monitored.
Collaborate with corporate cybersecurity leadership to keep abreast of changing standards or new/emerging cybersecurity risks or threats.
Manage the cybersecurity aspects related to the change control of technology within Biomedical
SHE & Security
Good SHE behavior is key, so making sure to adhere to the SHE requirements, reporting SHE incidents or near misses and applying the information security requirements are key.
It is the responsibility of each employee to work in a safe and responsible manner in order to create an injury free and incident free workplace.
Identifies all relevant SHE and security aspects and assesses the corresponding risks related to position (e.g. use of machines, traveling, required training, ergonomics, SHE plans etc.); acts in such a way that the SHE and security impact on him/herself and others is minimized (e.g. following instructions/procedures, knowing location of fire extinguishers, good housekeeping, document classification and handling etc.) reports and gives followup to any incidents (near misses, injuries, dangerous occurrences etc.)
Complies with all job related safety, security and other training requirements.
Report any SHE and Security incidents (including observed risks) to management.
Show behavior in line with the SHE and Security risks and agreed controls, including being compliant to and Biomedical requirements, rules and procedures.
Comply with all Life Saving Rules.
7. Complexity of the job
This job requires a combination of analytical and conceptual capabilities. You are hands-on and involved in the daily operation cross technology platforms. The role will interact with external and internal stakeholders including Innovation, Sales, Quality, Manufacturing, Digital and Tech, and external technology partners. You operate in a global, organization where virtual collaboration is a key to be successful. The role needs to collaborate intensively with Quality Engineers, QA, QC, Business Managers, Project Managers, Manufacturing, Operations, and all other departments to assure our cybersecurity needs are met. Additionally, the role will require regularly scheduled collaboration with corporate functions such as Group Operational Excellence (GOE) and Digital &Tech to stay aligned and ahead on changing trends and policies.
8. Knowledge and educational level
AA/AS Degree in Cybersecurity, Systems Engineering, Controls Engineering, or Computer Science; Preferred minimum of 5 years of experience in related field
Engineering or Cybersecurity related experience within an FDA Regulated, Medical Device, Pharmaceutical, Biotech, or other regulated industry
Solid understanding of cybersecurity protection best practices and methods
Certifications in cybersecurity methods and standards such as CompTIA Security+ or Risk and Information Systems Control (CRISC) preferred.
Knowledge of computer system validation is a plus.
9. Required level of experiences
Deep understanding of risk management
Understanding of industry accepted software life cycle programs and relevant IT/OT and cybersecurity controls
Fluid collaboration skills across business, digital, and external vendors
Very good knowledge of IT/OT systems, preferably in a Medical Manufacturing, Pharmaceutical, or Engineering Environment
Demonstrated ability to evaluate, develop and implement procedures following Change Control practices
Experience with ISO 9001, ISO 13485, and 21 CFR parts 11, 211, and 820 is a plus
Familiarity with emerging trends like Cloud Computing, Software Assurance and Data Analytics is a plus
Well-developed interpersonal and teamwork skills to communicate and resolve cybersecurity issues with all departments in a global, multicultural, and virtual context
Demonstrated ability to multitask resulting in positive outcomes for each task assigned
Proven experience with business process analysis